Jakob Nielsen Argues for Abandoning Password Masking on Websites

Jakob Nielsen makes the case against password masking — the convention of displaying asterisks or some other symbol instead of the actual characters typed in password entry boxes. Nielsen notes that password masking was originally implemented as a security measure, but questions just how much security it adds under the conditions in which most of us use the web:

Most websites (and many other applications) mask passwords as users type them, and thereby theoretically prevent miscreants from looking over users’ shoulders. Of course, a truly skilled criminal can simply look at the keyboard and note which keys are being pressed. So, password masking doesn’t even protect fully against snoopers.

Nielsen suggests adding a check box so users could decide whether or not to have their passwords masked. That way, users in genuinely public situations, such as at a public web terminal, could still choose to have their passwords masked.

Nielsen argues this is one case where going against convention would be beneficial, but I wonder if he’s done any user-testing of this. My suspicion is that the overwhelming majority of users will assume there is something wrong with a website when the password isn’t masked and thereby likely cause even more confusion.

The standard on mobile devices of not masking the current character but masking previous characters is a good compromise and is becoming so widespread it may eventually break down that convention, but for now it’s hard to imagine a site abandoning password masking wouldn’t create more confusion and anxiety in its users than the problem it would allegedly solve.

Don’t Leave Your Draft Designs Laying Around Web

I am a big fan of encrypting my laptop’s hard drive, and typically use the PGP Whole Disk Encryption product for that purpose. So yesterday I installed the 30-day trial, encrypted the drive, and ran it through its paces. As usual, WDE impresses me for its speed and unobtrusiveness.

But paying for it — that’s a whole other ball of wax. So I open up PGP, go to the “Buy a License” setting, and end up at their online store. Put in my credit card and other details and hit submit.

Uh oh — server error message. But there’s a helpful mailto link that suggests I send a notice to the web master to resolve the problem. So I click on the link, draft a quick “I’m just trying to register PGP WDE” and hit send.

And, of course, it bounces back. The interesting thing, though, is the e-mail address is clearly a dummy filler address that the web designer put in with the intent of adding a real address later . . . in fact the designer helpfully named the placeholder e-mail address:

[email protected]

Except, of course, it looks like no one ever bothered to go in and change [email protected]

Sigh. I’ll try again tomorrow.

Grey Matter Theme for WordPress

Most WordPress themes seem to rely on a few core design principles: a) there’s no such thing as too many columns — 4 is good but 5 or 6 are even better; b) you just can’t have too many distracting visual elements — nobody visits a site for content, what they really want to see are giant icons; c) garish backgrounds and header graphics help drive traffic — if visitors can easily read the content the first time, they might never come back.

So as much as I like it, it is clear that Nikolaj Masnikov’s nicely understated Grey Matter Theme is probably not the theme you’re looking for.

What the hell? A simple, straightforward color scheme? Where are the garish buttons? Why would anyone want to put the title of their blog up at top when a high contrast picture of clowns or perhaps daffodils would be so much easier on the eyes?

Man, what was that guy thinking?

Whitewash – A Nice, Simple WordPress Theme

One of the things about WordPress is that most people don’t seem to think their install is complete until they have a theme with 50 columns, giant buttons, and ads everywhere. I had to laugh a few weeks ago when The Blog Herald ran a series of articles about reducing template clutter — seriously, go visit their site for what passes as on the simple side in the WordPress community (thank goodness for Google Reader).

On the other hand, this is my idea of a simple, no-nonsense template that doesn’t make the visitor’s eyes bleed (demo this template here).

C’mon guys — sometimes less really is more.